Security is critical for any server that will connect to the Internet. Once your server is out there, you will get attackers trying to compromise its integrity. The question is not whether or not you will be attack but whether or not you were prepared to defend against it.
The best way to prevent attacks from doing any damage is to setup layers of defense. If all a person has to do to gain access is get past your firewall, your password, or any other single line of defense, your server may not last long.
1. Router firewall and intrusion detection – A secure, properly configured router can prevent attackers from even trying to reach your server, let alone do harm to it.
2. Physical security – When possible, keep server rooms guarded with some type of security system.
3. Application Firewall – An application firewall, like ModSecurity can prevent users who access your site through normal means, such as the HTTP protocol.
4. Security fixes – Applications and the operating system should be scanned for security holes, patched with the latest fixes, and freuquently tested.
5. Detection and prevention software – Malware and virus detectors, brute force detection, DoS detection, and other types of security software may be your last line of defense.
When setting up your server’s security, it is important not to miss something basic that could lead to catastrophic problems later on. Instead, take your time preparing your server and take the time to frequently check, update, and test it.
- Linux Server Security Guide: Part 3
- Back to the Basics #6: Network Security
- How to Tighten Security in the /tmp Directory
- 3 Lessons I Learned About Security
- Server Script Security